[security-alerts] FW: [SA24914] McAfee VirusScan Enterprise On-Access Scanner Unicode Filename Buffer Overflow

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> TITLE:
> McAfee VirusScan Enterprise On-Access Scanner Unicode Filename Buffer
> Overflow
> 
> SECUNIA ADVISORY ID:
> SA24914
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/24914/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> DoS, System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> McAfee VirusScan Enterprise 8.x
> http://secunia.com/product/3948/
> 
> DESCRIPTION:
> A vulnerability has been reported in McAfee VirusScan Enterprise,
> which can be exploited by malicious people to cause a DoS or to
> potentially compromise a vulnerable system.
> 
> The vulnerability is caused due to an error within the On-Access
> scanner component when processing file names that contain multi-byte
> characters (e.g. Chinese). This can be exploited to stop the
> On-Access scan or to cause a heap-based buffer overflow via a file
> with a specially crafted, overly long filename.
> 
> Successful exploitation may allow execution of arbitrary code but
> requires that East-Asia language files are installed, the default
> Unicode codepage is set to a language that contains multi-byte
> characters, and that the attacker is able to place the specially
> crafted file on the target system.
> 
> The vulnerability reportedly affects versions 8.0i Patch 11 and
> prior.
> 
> SOLUTION:
> Apply Patch 12 or later.
> https://mysupport.mcafee.com/eservice_enu/start.swe
> 
> PROVIDED AND/OR DISCOVERED BY:
> iDefense Labs
> 
> ORIGINAL ADVISORY:
> McAfee:
> https://knowledge.mcafee.com/SupportSite/dynamickc.do?external
> Id=612750&command=show&forward=nonthreadedKC
> 
> iDefense Labs:
> http://labs.idefense.com/intelligence/vulnerabilities/display.
> php?id=515
>